An Introduction to GuardianUI

What is GuardianUI and why should you care?

Lipman
GuardianUI
4 min read · Oct 21, 2022

Two months ago, Curve Finance suffered a frontend attack that resulted in users losing over $570,000. Hackers compromised the Curve website to redirect user transactions to a malicious destination. In other words, Curve’s live UI didn’t create the expected smart contract interactions, and users were tricked into approving harmful transactions.

In November 2021, an exploit via Cloudflare resulted in BadgerDAO users losing over $120M. It’s one of the largest attacks in DeFi’s history.

On November 10, the attacker began using their API access to inject malicious scripts via Cloudflare Workers into the HTML of app.badger.com. The script intercepted web3 transactions and prompted users to allow a foreign address approval to operate on ERC-20 tokens in their wallet. On November 20, the first on-chain malicious approval was made for the exploiter wallet.

Once again, BadgerDAO’s live website didn’t create the expected smart contract interactions based on the UI displayed to users. It’s a significant problem especially as more users enter the space and the dapp ecosystem expands.

What problems does GuardianUI address?

GuardianUI helps web3 developers keep their users safe through our E2E automated testing platform by validating and monitoring an app’s live UI to ensure it creates the expected smart contract interactions.

We aim to solve the following problems:

  • The growth in adoption of web3 means tens of millions of people (and growing) are exposed to potential financial harm from apps with compromised frontends.
  • The growth of the developer community and number of web3 apps means the surface area for attacks has increased exponentially.
  • The pace of web3 innovation — combined with a general lack of developer supply — means teams feel pressured to ship new features in lieu of dedicating time to writing E2E tests.
  • Even if your team wants to perform E2E testing, web3 developer tools are still primitive, and it’s difficult to build the frameworks to create tests that accurately validate and monitor that an app’s live UI creates the expected smart contract actions.
  • Without rigorous testing and monitoring, developers are left scrambling to investigate the root cause of an exploit manually and/or by parsing info from crypto Twitter when attacks occur.

Every time a user interacts with your app, they’re at risk of being attacked. Your reputation and your project’s reputation hinges on providing a secure environment for your users.

How is GuardianUI addressing these problems?

We provide the following as part of our solution:

  • Active web3 application monitoring — scripted browser checks using our custom frameworks to monitor wallet, contract, and app interactions.
  • Custom E2E test creation (if necessary) — GuardianUI will write your tests if your team isn’t staffed to write your own or you prefer to outsource that activity so your team can instead focus on feature development.
  • Alerts with actionable insights — alert your team to attacks that trigger vulnerabilities. Alerts can be sent via discord, telegram, email, or our webhooks.
  • Insightful dashboards and reports — get real-time and historical data and insights on the performance of your tests and the security status of your app.
  • Teams and user management — add team members to your account with role-based permissioning.

[Image: Example of the GuardianUI test framework using Uniswap]
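The kind of check such a scripted browser test performs, as an added example that is not GuardianUI's own code: it decodes an outgoing transaction request, compares the target contract and any ERC-20 approval spender against what the UI flow is expected to produce, and wraps an EIP-1193 provider so a mismatch is reported rather than signed. All addresses and amounts are constructed placeholders; `guardProvider`, `checkTxRequest` and `EXPECTED` are assumed names, not part of any framework.

```javascript
// Added example, not GuardianUI's own code: check that an outgoing transaction
// request matches the contract interaction the UI claims to make (the Curve /
// BadgerDAO pattern: `to` swapped, or an ERC-20 approval to a foreign spender).
const APPROVE_SELECTOR = "0x095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
// Expected interaction for one UI flow. Addresses are constructed placeholders.
const EXPECTED = {
  to: "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",                // token contract
  allowedSpenders: ["0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"], // the app's own router
  maxApproval: 1000n * 10n ** 18n,                                  // never unlimited
};
// ABI-encode approve(spender, amount) so the sample requests are realistic.
function encodeApprove(spender, amount) {
  const word = (hex) => hex.padStart(64, "0");
  return APPROVE_SELECTOR + word(spender.slice(2).toLowerCase()) + word(amount.toString(16));
}
// Decode approve(address,uint256) calldata; null if it is some other call.
function decodeApprove(data) {
  if (!data || data.slice(0, 10).toLowerCase() !== APPROVE_SELECTOR) return null;
  const args = data.slice(10);
  if (args.length !== 128) return null; // expect exactly two 32-byte words
  return { spender: "0x" + args.slice(24, 64).toLowerCase(), amount: BigInt("0x" + args.slice(64)) };
}
// Compare one eth_sendTransaction param object against the expected interaction.
function checkTxRequest(tx, expected = EXPECTED) {
  const findings = [];
  if ((tx.to || "").toLowerCase() !== expected.to) findings.push(`unexpected target ${tx.to}`);
  const approve = decodeApprove(tx.data);
  if (approve) {
    const spenders = expected.allowedSpenders.map((s) => s.toLowerCase());
    if (!spenders.includes(approve.spender)) findings.push(`approval to unknown spender ${approve.spender}`);
    if (approve.amount > expected.maxApproval) findings.push(`approval amount ${approve.amount} exceeds limit`);
  }
  return findings;
}
// Wrap an EIP-1193 provider so every eth_sendTransaction is checked before the
// wallet sees it; a mismatch is reported and the request refused.
function guardProvider(provider, expected = EXPECTED, report = console.error) {
  return {
    async request(args) {
      if (args.method === "eth_sendTransaction") {
        const findings = checkTxRequest(args.params[0], expected);
        if (findings.length) { report(findings); throw new Error("blocked: " + findings.join("; ")); }
      }
      return provider.request(args);
    },
  };
}
```

In a monitoring run the same `checkTxRequest` would be applied to the request the live page actually emits when the test script clicks through the flow, so a swapped target or a foreign spender surfaces as a failed check rather than a signed transaction.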

How is GuardianUI different from other web3 security solutions?

There are dozens of security-oriented web3 developer tools addressing the tech stack from frontend to smart contracts and with strategies from testing/monitoring/simulating to auditing.

The following chart provides a sampling of web3 security developer tools and vendors.

[Image: A sample of security developer tools in web3.]

GuardianUI occupies a space of its own on this competitor matrix. The other companies in the same quadrant (Synpress, Fire, and Sign Assist) focus on frontend defense but in a different manner. For example, Fire and Sign Assist are browser extensions that simulate transactions, showing you exactly what will go in and out of your wallet before you sign. Really cool tech, but it mainly requires the user to be proactive with their own security and use the extension.

Synpress is an open-source project from Synthetix building an E2E testing framework based on Cypress.io and Playwright with support for MetaMask. This is another great project pushing web3 development best practices forward by attempting to make it possible for web3 teams to perform E2E tests that incorporate wallets. It relies on teams to perform their own testing and monitoring using the Synpress framework.

GuardianUI makes it possible for web3 teams to perform E2E tests on their live app. We also provide continuous monitoring and alerts so teams know exactly when and why a test failed. They can use this actionable insight to immediately identify and address an issue. We’ll also act as an extension of your team to write the tests for you if you don’t have the bandwidth or skillsets to do so internally.

What’s next?

We’re finishing the testing framework and are actively building the GuardianUI app to provide to users. Soon™.

For now, we’d love to get user feedback on GuardianUI and what we’re planning, so please complete this short waitlist form if you’re interested.

Follow us on Twitter and hit us up there as well so we can keep the convo going!

About GuardianUI

GuardianUI is the testing and monitoring platform for web3 frontends. Our SaaS platform integrates and automates end-to-end testing, application performance monitoring for web3 critical paths, and real-time alerting and observability to ensure deployed applications create the expected smart contract interactions for users.

https://www.guardianui.com/
